Cisco
350-201(NEW-127Q) · Question #4
350-201(NEW-127Q) Question #4: Real Exam Question with Answer & Explanation
Sign in or unlock 350-201(NEW-127Q) to reveal the answer and full explanation for question #4. The question stem and answer options stay visible for context.
Incident Response and Management
Question
The incident response team of an organization detects a compromised endpoint being used by a malicious actor who is encrypting and exfiltrating data. The incident response team stops the continued data leak. What must be the next step in this investigation?
Options
- AEvaluate the policies violated by the disclosed data.
- BEvaluate the impact of the disclosed data.
- CUnencrypt and recover the exfiltrated data.
- DNotify the external stakeholders of the disclosed data.
Unlock 350-201(NEW-127Q) to see the answer
You've previewed enough free 350-201(NEW-127Q) questions. Unlock 350-201(NEW-127Q) for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#Incident Response#Impact Assessment#Data Exfiltration#Containment